Slashdot Mirror


User: Pinball+Wizard

Pinball+Wizard's activity in the archive.

Stories: 0
Comments: 926

Comments · 926

  1. Re:Bad move? Has MS ever been on MS Chief Security Officer to work for White House · · Score: 1

    Interestingly enough, back in the days when the DDOS attacks were taking yahoo and amazon down, MS managed to stay up. Then again there was that escapade where it was discovered their four DNS servers were on the same class C network segment. It's a big company. They undoubtedly have both people who know what they are doing and others who need a cluestick application.

  2. more info on Schmidt on MS Chief Security Officer to work for White House · · Score: 3, Informative

    Here is some info on Schmidt at microsoft.com. Looks like he has an admin-level job rather than a software engineering job. So I wouldn't blame him for how poorly coded Microsoft products are. He's involved with best practices on setting things up securely, not watching over programmers making sure there's no buffer overruns in the code. Although administration and programming must overlap when it comes to real security, there's only so much you can do if you're not deeply involved with the code.

  3. Re:Hypocrisy Detected!!! on Wu-ftpd Remote Root Hole · · Score: 1

    What makes you think I was referring to slashdot users? I was talking about the editors. Here, I said so, long before you decided to post your late reply.

  4. Re:pf : an excellent packet filter on OpenBSD 3.0 Release, Interview with Theo · · Score: 1

    I've been hearing this lately. Say, I notice your sig refers to pureftp, something that I'm trying out. How does the OpenBSD pf firewall work with active FTP connections? Using ipf(3.3.14, I think) I wasn't able to get active connections to work through my firewall. How does pf compare?

  5. Re:Slashdot's not one person on Wu-ftpd Remote Root Hole · · Score: 2
    I'm not referring to users, I'm referring to the editors who decide which story to post.


    I was too lazy to look up specific stories, but here are a few that are critical of Microsoft's stance on withholding information.


    I'm fully aware that the Slashdot Readership holds a wide spectrum of opinions. However, Slashdot is definitely a soapbox for the editors, and they should make their minds up about which issues they support and not take a different stance because the issue affects an open source org rather than Microsoft.


    PS, as long as we're making overly generalized assumptions, the Slashdot Readership also treats Microsoft as a monolithic entity.

  6. s/23/21 on Wu-ftpd Remote Root Hole · · Score: 1

    sorry bout that. FTP lives on port 21, not 23.

  7. Re:I've changed my mind on Wu-ftpd Remote Root Hole · · Score: 2, Informative
    Please, either disable your service or use your firewall to block port 23. You don't need the fix to do that much. Inform your users that the site is down until a fix is made. Beats having to reinstall your whole OS, right? Who's to say there aren't crackers out there who have access to the CERT list anyway?


    If you can't wait, you can probably get pure-ftpd going without too much trouble. It's been written from the ground up with security in mind, and so far no one has found a remote exploit.

  8. Hypocrisy Detected!!! on Wu-ftpd Remote Root Hole · · Score: 5, Insightful
    Now wait a minute. Here on /., MS gets slammed because they want bugtraq and whoever to wait before they publicize a security hole until a fix can be reasonably made.


    Now you guys are criticizing Red Hat for releasing information too quickly?!


    Make up your minds. Either it is a Good Thing to release this sort of information to the public or not. IMO, if CERT is withholding information to the public that just gives a wily cracker that much extra lead time to perform exploits. Whereas if the info was just released in the first place, at least people could turn their FTP servers yet, or switch to something like pure-ftp, which has yet to be cracked.


    I agree with Red Hat on this one. They did people a favor by releasing the information.

  9. Re:Signings... on Bruce Campbell Answers Your Questions · · Score: 2
    I think authors in general know the value of their books goes up when they sign them. It's really a win-win situation. Authors sell more books when they do tours, so they go on tour. Bookstores sell more books when authors come to sign. And the people who buy books get extra value when they come to a booksigning and buy a signed book.


    We were lucky enough to get BC to come to our store for a signing, and believe me, this interview would have been much more interesting if they just transcribed it rather than doing the 3rd person thing. Bruce is just as funny in person as he is in his movies. Bruce signed all the books with funny soundbites from his movies (mine says 'Shop Smart!') so I know he was well aware of the collector value he was imparting to the people buying his book. I doubt it bothers him at all.

  10. Re:Could Magic Lantern be buit into Windows XP on Symantec Will Not Detect Magic Lantern · · Score: 1
    I was just thinking the same thing. If McAfee and Symantec won't detect it, then surely Microsoft would work with the FBI to build it into Windows in the first place. How else could the FBI ensure they were snooping on as many people as possible? Besides, MS has already sided with people like SDMI, RIAA, BSA, etc on the side of corps and not consumers.


    I can see it now: an agreement to allow the govt. to insert whatever code they wanted in return for not prosecuting MS as a monopoly.

  11. Not likely at all. on Symantec Will Not Detect Magic Lantern · · Score: 3, Insightful

    A few things happened in the Microsoft world that made it pretty easy for viruses to spread that could not happen in the Linux world.

    1) Most people don't read their email while logged in as root. The number 1 reason why viruses easily spread in Windows systems is that in Windows, just about everything is done with an account that has full control over the system.

    2) In Windows-land you generally run binary-only programs and you have no idea what the source looks like. Most programs in Linux come with the source code. You are not likely to run a binary-only program in Linux unless you know for sure who it's coming from.

    So, to reiterate, viruses are executable programs. They need both permission to execute and a means of spreading themselves. Windows systems were already set up to allow these things to happen by default. Linux systems will never be set up that way, at least not on a widespread basis.

    I don't think we will ever see problems as widespread and damaging as Nimda or Sircam on Linux systems, no matter how popular Linux gets. It's just not designed to easily allow programs to be run without someone explicitly giving it permission. Even exploits of commonly used server programs are limited in the damage they can do, because most servers do not run as root. No, the virus writer has a much much harder job to do on Unix systems. Why bother when Windows is so much easier?

  12. So I hear this Internet thingy on Money in the Music Business · · Score: 2
    can actually be used by the bands to bypass the evil record companies and sell their music themselves online.


    However in the six or seven years that it's been feasible to do that, has there been anyone that's done it successfully? It seems like it would be a much better idea than for a band to go into major long-term debt to a record company, which unfortunately is what happens to the 90%+ that don't "make it".


    I know there are exceptions, but as a rule, music made in years past was much better, simply because it wasn't so much prepackaged crap for the masses (e.g. anything that gets played on MTV). Why hasn't the net spawned a revolution in music as was promised?


    Perhaps what is needed is an open source-style revolution where people with day jobs post great music with the intention of making great music more so than making money. It wouldn't surprise me to see such a thing. Musicians are a lot like geeks (in fact many of them are geeks) - they do what they love, their mindset is based on sharing, and they're fairly technical. So far it hasn't happened, but who knows.

  13. Re:Drawing the line on Cybercrime Treaty to Be Signed · · Score: 1
    This is why SMART people in the US through court cases have said that prior constraint of speech is to be avoided at all costs and only allowed where DIRECT and DAMAGING results will occur.


    Of course you realize we then have to play the definition game of what DIRECT and DAMAGING mean. And if your definition is the same as mine, then we agree on this issue.

  14. Drawing the line on Cybercrime Treaty to Be Signed · · Score: 2
    There are certain things your employer is not allowed to do when hiring. He/she cannot discriminate on the basis of race, sex, religion, etc.


    Voila, there's your line. It's accepted what's OK and what's not OK when it comes to hiring; by the same token a set of rules can be applied to hate speech.


    Hate speech IMO is not OK because it infringes on the rights of those it is directed to. The right of the African-American community for instance, to live peacefully without slander directed toward them, is more important than the right of white supremacists to spout their false garbage.

  15. Re:Next July on Cybercrime Treaty to Be Signed · · Score: 1, Troll
    They also have a right to express themselves


    I disagree with this. Spouting racial hatred is akin to yelling "Fire" in a crowded theater when there is no fire and should be treated as such.


    Banning hate speech is not an infringement of Free Speech. The purpose of Free Speech is to guarantee your rights, not to infringe on the rights of others.

  16. Re:Why windows doesnt... on Rage Against the File System Standard · · Score: 2
    Windows has a PATH environment variable as well, you know, and any decent program that actually has a command line interface will make use of this.


    See Active State Perl for a good example.

  17. 2000 files in /usr/bin? Not bad... on Rage Against the File System Standard · · Score: 2
    By way of comparison my Windows 2000 system has 1,770 objects in WINNT\System32, 27 of which are directories (with even more files) and the rest are files, mostly .dlls (binary library files). However, it doesn't really matter to me because Windows keeps track of all these in a logical way and cleanly handles installation and uninstallation of applications.


    The only problem I run into lately on my Unix systems are calls to the wrong versions of libraries. Windows used to have this problem but has since taken care of it by allowing multiple versions of the same dll to coexist.


    The thing that Windows does well that Linux package managers haven't even attempted is that it will not allow programs to be installed onto the system unless they meet certain requirements. Mainly for a program to get installed, there has to be a way to cleanly uninstall it. Otherwise it doesn't get installed.


    If dpkg could do this, I'd be very happy. Not just for things bundled into a nice little Debian package, but for everything that gets installed into my system. If it gets installed, there should be a clean way to uninstall. Then, 2000 programs in /usr/bin wouldn't really matter that much. The system could deal with it.

  18. Don't forget Robo-Rally on Geek Gift Ideas 2001 · · Score: 3
    The concept seemed weird to me at first - OK, so we're going to play a card game where you program your robot with the cards you are dealt. And this isn't a multi-player computer game, why?!


    However, it's a blast, and you get to spend time with your friends to boot.


    http://www.wizards.com/RoboRally/Welcome.asp

  19. Re:Why DNS? on Securing DNS From The Roots Up · · Score: 1
    name server caches could be peered among ISPs


    Most ISPs already have a DNS server.

  20. Search Engine DNS? on Securing DNS From The Roots Up · · Score: 2, Interesting
    Just an idea I had been mulling over. If the major search engines recorded the static IP addresses of the sites they indexed, then all we would need is the static IP addresses of the search engines loaded in our browser or hosts file.


    Not a complete solution, but it would be enough to keep the net going if DNS went down.

  21. Re:It all began on a fall day 7 years ago... on How Did You Become a UNIX Administrator? · · Score: 1
    The $2.56 check is personally signed by Donald Knuth, and is a token of having found a mistake in one of his books, which happen to be the greatest books on computer science ever written.


    Really now, you'd cash that?

  22. Re:Is it light on HD requirements? on ext3fs in Linus' Kernel Tree · · Score: 2
    You are amazing. Anyone who can post such enlightened offerings at +2 is obviously a True Master(TM).


    And by the way, all you young but poor college students. Why live on ramen and work at a substandard computer? Take this guy's advice!

  23. Re:Just know it. on How Did You Become a UNIX Administrator? · · Score: 2
    BTW, you really don't know what nsswitch.conf is?!?! Shame on you, calling yourself a unix admin.


    I didn't know what it was either. Then I found out this file doesn't come on Unix systems at all, only Linux (after looking for it on my OpenBSD, AIX, and finally my Debian systems).


    Just for edification here's what it is, and what it does:


    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.


    Perhaps there is something to be said about being able to find and use the information you need more than being able to memorize it. At any rate, this isn't necessarily something a Unix admin should know.

  24. Re:It all began on a fall day 7 years ago... on How Did You Become a UNIX Administrator? · · Score: 2
    Nothing compares to removing "libc.so"


    So true. In my case it was removing ld from an AIX system, thinking I was just unlinking it. Please, please don't try this at home. I don't know how it is on Solaris or HP-UX, but if you remove something like that from your system, it's next to impossible to get back on without reinstalling the whole OS (I have a backup system, so I copied it back over from there). You can't just get them off the install CD, because little utilities like that are wrapped up in big binary files, and you can't just copy them over.


    Once you know how to get past a problem such as linking libc.so.2 to libc.so.1.73 because the program you are trying to install is looking for that, and can do things like that comfortably, you know you've arrived to some extent.


    Being a Unix admin means learning your system, being creative, and not letting things you can't immediately find in the docs stop you from fixing the problem.

  25. Re:High School Maths, People on Napster Alternatives Coming Strong · · Score: 0, Offtopic
    Can I sell 480% of my house?


    If you bought it for $100,000 and later sold it for $480,000, yes.